Microsoft Extends Windows Defender Application Guard To Chrome, Firefox

Microsoft has released extensions for Chrome and Mozilla Firefox bringing its Windows Defender Application Guard system to the popular browsers.

Application Guard is a relatively new security feature released for Windows 10 last year, and until now has only worked in Microsoft’s Edge browser.

The feature allows system administrators to set up a list of trusted internet and local resources.  If  a user accesses a site not on the list, the tool automatically opens the site in an instance of Edge running in a Hyper-V-enabled container, isolating it from the rest of the system and the network.

Using the new extensions, Windows 10 can now be set up so that the feature is extended to Chrome and Firefox users, Microsoft said in a blog post.

Protected browser session

If an untrusted link is accessed using a third-party browser, Application Guard automatically switches the user over to Edge, launching the resource in a sandboxed instance of Microsoft’s browser.

Microsoft said that an upcoming update to the feature would automate the process of switching users back to the default browser when a trusted link is accessed in Edge.

Users can also launch an Application Guard session in Edge by clicking on the extension icon in the Chrome or Firefox toolbar.

“In the isolated Microsoft Edge session, the user can freely navigate to any site that has not been explicitly defined as trusted by their organization without any risk to the rest of system,” Microsoft stated.

The company didn’t indicate any plans to extend the sandbox feature to third-party browsers.

Security automation

The Chrome and Firefox extensions are currently only available to participants in the Windows Insider software testing programme, running Windows 10 Enterprise and Pro builds 1803 and later.

The extensions are set for general availability “very soon”, Microsoft said, meaning they are likely to be compatible with the 19H1 Windows 10 stable release scheduled for later this spring.

The feature is designed to run on enterprise-managed systems, where administrators can automate the process of launching a protected Edge session.

To do so, administrators must first define a list of trusted resources, then install the Application Guard companion application, and finally install the Chrome or Firefox extension.

The Application Guard extension also works in Windows 10’s standalone mode, but requires users of third-party browsers to trigger it manually.